Recent cyber incidents affecting Iran’s banking sector have exposed significant vulnerabilities in the country’s financial infrastructure and raised concerns about the resilience of critical civilian systems amid ongoing regional tensions. While Iranian authorities have characterized the recent incidents as limited and manageable, the scale, duration, and repeated nature of the disruptions suggest that Iran’s financial system remains vulnerable to future cyber operations.

The first major incident occurred on June 14, 2026, when Iran’s Banking Coordination Council confirmed that a cyberattack had targeted the shared communications infrastructure used by Bank Melli, Bank Tejarat, Bank Saderat, and the Export Development Bank of Iran. Authorities stated that no customer data had been compromised but acknowledged that banking services experienced significant disruptions. Recovery efforts reportedly required several days.

A second major cyber incident occurred on June 23, 2026, when Iran’s state-owned Informatics Services Corporation (ISC) announced that cyberattacks had disrupted card-based banking services at Bank Melli, Bank Saderat, and Bank Tejarat. In response, ISC temporarily suspended portions of the affected card networks to prevent unauthorized access and protect customer assets. The disruptions affected ATM services, point-of-sale terminals, mobile banking applications, and card transactions, causing widespread interruptions for customers across the country.

In the days that followed, Iranian media outlets and customers reported disruptions affecting additional banks, including Bank Mellat, Bank Pasargad, Bank Sepah, Bank Keshavarzi, Bank Resalat, and the Development Cooperative Bank. Although authorities announced that many services had been restored, customers continued to report problems with mobile banking applications, internet banking platforms, and interbank transfer systems.

The recent incidents have highlighted a longstanding structural vulnerability in Iran’s financial sector: the heavy dependence of multiple banks on centralized infrastructure providers. In particular, the Informatics Services Corporation, which is partly owned by the Central Bank of Iran, operates critical financial infrastructure, including SHETAB, Iran’s national interbank card network, and SHAPARAK, the country’s electronic payment network. As a result, disruptions affecting shared infrastructure can quickly cascade throughout the broader banking sector.

Iranian parliamentarian Meysam Zohourian, a member of the parliament’s Economic Commission, stated that the precise source and technical nature of the attacks had not yet been determined and that replacing hardware components had not fully resolved the disruptions. He also criticized the concentration of critical banking services within institutions linked to the Central Bank, arguing that this structure may increase systemic vulnerabilities.

The consequences of these disruptions have extended beyond the banks directly affected. Customers have reported difficulties accessing deposits, conducting business transactions, processing interbank transfers, and meeting contractual obligations. Increased demand on unaffected institutions has reportedly produced temporary service disruptions elsewhere in the banking system, illustrating the degree of interconnectedness within Iran’s financial sector.

The current disruptions should also be understood within the broader context of regional cyber competition. During the 2025 Iran-Israel conflict, cyber operations targeted multiple elements of Iran’s critical infrastructure, including financial institutions. The cyberattack against Bank Sepah, which was claimed by the group Predatory Sparrow, demonstrated that banking infrastructure has become an increasingly important target in regional cyber conflict.

While there is currently no public evidence of an imminent large-scale attack on Iran’s financial system, the repeated disruptions experienced in recent weeks suggest that the risk of future cyber operations against Iranian banking infrastructure remains elevated. The recent incidents underscore the growing importance of cyber resilience for civilian financial systems and illustrate how cyber conflict can impose substantial costs on ordinary citizens even in the absence of direct military confrontation. As regional tensions persist and cyber capabilities become increasingly integrated into state competition, the resilience of civilian financial infrastructure is likely to become an increasingly important component of both national security and regional stability.